Networking on Google Cloud | Part 2 | Network Subnet and CIDR Planning on GCP (IPAM on GCP)

Omkar Nadkarni
Niveus Solutions
3 min read · Jun 9, 2024


The next logical step after network design planning is to set up an IPAM (IP address management) process, so that there are no overlapping IP addresses between GCP and other connected networks such as on-prem or other clouds.

Introduction

GCP networking Subnet

On GCP, once you have a VPC, you need to create subnets, and each subnet needs an IP CIDR range. Except for Google APIs that are consumed through public API endpoints, every resource deployed in our VPC needs an IP address, as do resources in a Google-managed VPC reached through VPC peering, private service endpoints or Private Service Connect.

Subnets are regional and are not network boundaries, so we will need multiple subnets whenever resources are spread across multiple VPCs or regions.

Why subnet CIDR planning?

Since private IP addresses are limited and must not overlap, it is very important that we use them sparingly.

So, depending on how many resources need to be created in a subnet, an appropriately sized CIDR range needs to be allocated.

Challenges

In enterprises where many teams create resources and need IP addresses, it is very important to have a process in which the IP address space is managed by the network admins or a centralized team.

Otherwise there will be IP address conflicts, or no free IP addresses left to use.

Solution

Below is the approach we can take to ensure IP addresses stay unique.

  • Have a super range for GCP.
  • Segregate IP address space per region.
  • Divide it further per environment.
  • Allocate the smallest possible subnet for each request from app owners.
  • It is very important to document how to calculate the IP addresses needed for resources such as VMs, GKE, managed services like Cloud SQL and Memorystore, and partner solutions like Elastic Cloud or MongoDB Atlas.
  • All resources have some sizing, such as small, medium or large, based on workload and environment. Having a few benchmarks for the engineering team means they do not spend a lot of time on planning and can get started quickly. For example, a small VM MIG will get a /26, a medium one a /24 and a large one a /21.
  • This is even more important for GKE, since it is a platform. A calculator is available to help determine the subnets required for GKE.
  • Follow a proper naming convention when creating a subnet.
  • Have an approval process.
  • Keep the records centrally managed and tracked. They should match the asset inventory and include the IP range owner's name and contact details.
  • Use the asset inventory and the available scripts before allocating an IP range to ensure it is unique. Some options for this are below.

a. IPAM AutoPilot:

https://github.com/GoogleCloudPlatform/professional-services/tree/main/tools/ipam-autopilot

b. Internal Range API (Pre-GA):

https://cloud.google.com/blog/products/networking/introducing-internal-range-api

  • Ensure there is a process to free an IP range once its resources are no longer used, so that it can be reused for other purposes.
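The allocation process above (super range, per-region and per-environment carve-outs, smallest-fit subnet sizing, a central record that includes on-prem ranges, and release of unused ranges) can be expressed as a small Python helper. This is an added illustration, not code from the post or from the IPAM AutoPilot tool; the super range, inventory entries and parent block in the usage section are constructed sample values.

```python
import ipaddress

# Sizing benchmarks for VM managed instance groups, as stated in the post.
MIG_SIZES = {"small": 26, "medium": 24, "large": 21}


def carve(cidr, new_prefix):
    """Split a range into equal blocks, e.g. a super range into per-region blocks."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


class Ipam:
    """Central record of every allocated range: GCP subnets plus on-prem/other-cloud ranges."""

    def __init__(self, allocated=()):
        self.allocated = {ipaddress.ip_network(c) for c in allocated}

    def conflicts(self, cidr):
        """Return the recorded ranges that overlap the candidate (empty means it is unique)."""
        cand = ipaddress.ip_network(cidr)
        return sorted(str(a) for a in self.allocated if a.overlaps(cand))

    def allocate(self, parent, size):
        """Allocate the first free block of the requested size inside parent and record it."""
        prefix = MIG_SIZES.get(size, size)  # accept a t-shirt size or an explicit prefix length
        parent_net = ipaddress.ip_network(parent)
        if prefix < parent_net.prefixlen:
            raise ValueError(f"/{prefix} does not fit inside {parent}")
        for cand in parent_net.subnets(new_prefix=prefix):
            if not any(cand.overlaps(a) for a in self.allocated):
                self.allocated.add(cand)
                return str(cand)
        raise RuntimeError(f"no free /{prefix} left in {parent}")

    def release(self, cidr):
        """Free a range once its resources are deleted so it can be reused."""
        self.allocated.discard(ipaddress.ip_network(cidr))


if __name__ == "__main__":
    # Constructed example: a 10.0.0.0/8 super range carved into 16 per-region /12 blocks,
    # an existing subnet from the asset inventory and an on-prem range that must not overlap.
    regions = carve("10.0.0.0/8", 12)
    ipam = Ipam(["10.0.0.0/24", "192.168.0.0/16"])
    dev_block = carve(regions[0], 14)[0]          # first environment block of region 0
    print(ipam.allocate(dev_block, "small"))       # /26 for a small MIG
    print(ipam.allocate(dev_block, "medium"))      # /24 for a medium MIG
    print(ipam.conflicts("192.168.10.0/24"))       # overlaps on-prem, so must be refused
```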

Conclusion

When creating a subnet, there should be a process in place to avoid overlapping IP addresses. I hope this blog gives some insight into ways to achieve and automate that.


Omkar Nadkarni
Niveus Solutions

Omkar Nadkarni is a principal cloud architect passionate about technology and its impact on business, with skills in GCP, Azure, AWS, DevOps and infrastructure.